What are the responsibilities and job description for the Information System Security Officer (ISSO) position at Avineon, Inc.?
Position Summary
Avineon, Inc. is looking to add to our dynamic and varied team of security professionals. We are seeking an Information System Security Officer (ISSO) with 10 years of experience in information security, Security Assessment & Authorization (SA&A), security policy and procedures, continuous monitoring, auditing, security compliance monitoring, and network engineering using best practices in an enterprise environment. The successful candidate will have specialized experience in IT security program management for the federal government with an emphasis on intelligence community (IC) support including in-depth knowledge of applicable laws and regulations, Intelligence Community Directives (ICDs), and compliance monitoring.
Duties & Responsibilities
- Analysis of network and system intrusions, breaches, and other information security incidents in support of IT security incident response.
- Interpretation and clarification of security policy, guidance, and new or changing policy requirements, including FISMA, NIST, ICD, and CNSSI No. 1253.
- Recommendation for action(s) to resolve or mitigate known weaknesses, or for preventive measures and safeguards for potential threats.
- Status monitoring for Plans of Action and Milestones (POA&M), and other applicable action plans designed to resolve known weaknesses or prevent potential threats.
- Guidance in resolving known system weaknesses according to available enterprise-level plans or solutions.
- Situational awareness through notification of enterprise security issues, solutions, projects, and plans that may impact the assigned system(s).
- Continuous monitoring of NIST and CNSSI security controls.
- Coordination of activities that facilitate confidentiality, integrity, and availability of assigned systems and applications.
- Accomplishing duties through planning, analysis, development, implementation, maintenance, and enhancement of the client’s cybersecurity information systems security programs, policies, procedures, and tools consistent with FISMA, ICD and NIST guidelines.
- Assisting the SAISO/CISO/ISSM in identifying, implementing, and assessing common security controls.
- Actively supporting the development and maintenance of the system security plan, to include coordinating system changes with the information system owner and assessing the security impact of those changes.
- Performing and/or providing oversight and guidance for day-to-day security activities for assigned systems.
- Develop or assist in development of system security policy.
- Configure, test, and evaluate hardware and software products to enhance information security.
- Document business requirements, perform risk assessments, and support investigations and audits by utilizing IT review and IT forensics procedures.
Education - Experience & Skills Required
Required Experience/Skills:
- Detailed knowledge and expertise required to manage the security aspects of an information system.
- At least 10 years of experience in, and associated knowledge of, IT security.
- 15 years of progressive IT experience.
- Expert in systems security monitoring and scanning tools including but not limited to McAfee ePO, Nessus/Tenable, Tripwire, SourceFire, Splunk, ACAS, and HBSS.
- Knowledge of federal policies and guidelines such as ICD, FISMA, and Homeland Security Policy Directives.
- Knowledge of NIST and ICD documents, standards, and guidelines.
- Understand the SA&A process of information systems as per NIST 800-37 and related standards.
- Understand/create a security awareness program as per NIST 800-50.
- Understand incident prevention and response as per NIST guidelines.
- Understand HSPD-12 and the requisite NIST and FIPS standards (201).
- Complete understanding of NIST SP 800-53, SP 800-53A, and CNSSI No. 1253.
- Strong interpersonal skills and teamwork skills.
- Strong requirements gathering, analysis, and organization skills.
- Strong technical writing skills.
- Experience using system development life cycle methodology.
- CISSP or other certification preferred.
Education, Experience and Skills Required:
Education Required: Bachelor’s degree in computer science, information systems, engineering, or related discipline.
Clearance: Must be a U.S. citizen with a Top Secret security clearance with SCI access. All members of immediate family and household must be U.S. citizens.
Location: Washington DC and Metropolitan Area
In accordance with U.S. federal government regulations for federal contractors, all Avineon, Inc. employees are required to be fully vaccinated against COVID-19 unless a reasonable accommodation can be granted without causing undue hardship to Avineon or posing a threat to the health and safety of Avineon employees or customers.
Avineon, Inc. is an Equal Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all applicants and employees without regard to race, color, religion, gender, national origin, age, disability, genetic information, or veteran status.